Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-53914 | The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
Tue, 20 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Margiov
Margiov calendapp |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:margiov:calendapp:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Margiov
Margiov calendapp |
Tue, 04 Mar 2025 03:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 26 Feb 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Wed, 26 Feb 2025 14:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The CalendApp WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | |
| Title | CalendApp <= 1.1 - Reflected XSS | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-01-09T20:27:55.824Z
Reserved: 2025-01-23T17:55:19.377Z
Link: CVE-2024-13669
Updated: 2025-02-26T14:25:31.616Z
Status : Modified
Published: 2025-02-26T13:15:37.833
Modified: 2026-06-17T07:02:29.990
Link: CVE-2024-13669
No data.
OpenCVE Enrichment
No data.
EUVD